<?php
/*
 * Created on Mar 28, 2008
* @author Oliver Radwan <oradwan@bowdoin.edu>
*/
?>
</div>
<div id="content">
	<?PHP
	include_once('database/dbPersons.php');
	include_once('database/Person.php');
	if(($_SERVER['PHP_SELF'])=="/logout.php"){
		//prevents infinite loop of logging in to the page which logs you out...
		echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
	}
	if(!array_key_exists('_submit_check', $_POST)){
		echo('<div align="left"><p>Access to RMH Homebase requires a Username and a Password. ' .
				'<ul><li>If you are a <i>new applicant</i>, please sign in with the Username <strong>guest</strong> and no Password. ' .
				'<br>Once you sign in, you will be able to fill out and submit an application form on-line.</p>'
		);

		echo('<li>If you are a <i>volunteer or staff member</i>, your Username is your first name followed by your phone number. ' .
				'');
		echo('<br>If you do not remember your Password, please contact the <a href="mailto:housemngr@rmhportlandme.org">House Manager</a>.</ul>');
		echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
	}
	else{
		//check if they logged in as a guest:
		if($_POST['user']=="guest" && $_POST['pass']==""){
			$_SESSION['logged_in']=1;
			$_SESSION['access_level']=0;
			$_SESSION['_id']="guest";
			echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
		}
		//otherwise authenticate their password
		else{
			$db_pass = md5($_POST['pass']);
			$db_id = $_POST['user'];
			$password_query_result = get_person($db_id);
			if($password_query_result){ //avoids null results
				$person = mysql_fetch_array($password_query_result, MYSQL_ASSOC);
				if($person['password']==$db_pass){ //if the passwords match, login
					$_SESSION['logged_in']=1;
					$type_array = explode(",",$person['type']);
					if (in_array('applicant', $type_array))
						$_SESSION['access_level'] = 0;
					else if (in_array('manager', $type_array))
						$_SESSION['access_level'] = 2;
					else $_SESSION['access_level'] = 1;
					$_SESSION['f_name']=$person['first_name'];
					$_SESSION['l_name']=$person['last_name'];
					$_SESSION['_id']=$_POST['user'];
					echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
				}
				else {
					echo('<div align="left"><p class="error">Error: invalid username/password<br />if you cannot remember your password, ask a house manager to reset it for you.</p><p>Access to RMH Homebase requires a Username and a Password. <p>For guest access, enter Username <strong>guest</strong> and no Password.</p>');
					echo('<p>If you are a volunteer, your Username is your first name followed by your phone number with no spaces. ' .
							'For instance, if your first name were John and your phone number were (207)-123-4567, ' .
							'then your Username would be <strong>John2071234567</strong>.  ');
  //echo('If you do not remember your password, please contact the <a href="mailto:housemngr@rmhportlandme.org">House Manager</a>.');
  // new entities
          echo('If you do not remember your password, please use the "Reset Password" button');
					//Determine if the person has an email address in the database
					$_SESSION['email']=$person['email'];
					// If they do, then generate a random password
					//For those who do have emails, send them their generated password via email.
					if($person['email']==$db_pass)
						echo('Username is lastName followed by your id number. This message been sent via email to your email for confirmation.');
					//If they do not, then prompt them to use the reset button.
					else
						echo('If you do not remember your password, please use the "Reset Password" button');
					echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
				}
			}
			else{
				//At this point, they failed to authenticate
				echo('<div align="left"><p class="error">Error: invalid username/password<br />if you cannot remember your password, ask a house manager to reset it for you.</p><p>Access to RMH Homebase requires a Username and a Password. <p>For guest access, enter Username <strong>guest</strong> and no Password.</p>');
				echo('<p>If you are a volunteer, your Username is your first name followed by your phone number with no spaces. ' .
						'For instance, if your first name were John and your phone number were (207)-123-4567, ' .
						'then your Username would be <strong>John2071234567</strong>.  ');
				echo('If you do not remember your password, please contact the <a href="mailto:housemngr@rmhportlandme.org">House Manager</a>.');
				echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
			}
		}
	}
	?>
	<?PHP include('footer.inc');?>
</div>
</div>
</body>
</html>
